Commit graph

3766 commits

Author SHA1 Message Date
Matthew Garrett
1e32d63145 Add BIOS boot measurement
Measure the on-disk grub core on BIOS systems - unlike UEFI, the firmware
can't do this stage for us.
2016-01-05 14:35:17 -08:00
Matthew Garrett
f22ee4487c Measure kernel + initrd
Measure the kernel and initrd when loaded on UEFI systems
2016-01-05 14:35:17 -08:00
Matthew Garrett
858f763466 Core TPM support
Add support for performing basic TPM measurements. Right now this only
supports extending PCRs statically and only on UEFI and BIOS systems, but
will measure all modules as they're loaded.
2016-01-05 14:35:05 -08:00
Matthew Garrett
76fb8e4341 Fix race in EFI validation
The Secure Boot code currently reads the kernel from disk, validates the
signature and then reads it from disk again. A sufficiently exciting storage
device could modify the kernel between these two events and trigger the
execution of an untrusted kernel. Avoid re-reading it in order to ensure
this isn't a problem, and in the process speed up boot by not reading the
kernel twice.
2016-01-05 14:14:54 -08:00
Vladimir Serbinenko
f86fd54cf0 Add memdisk support to grub-emu.
Use it to add custom files, so that tests which need them work.
2016-01-05 21:10:27 +01:00
Vladimir Serbinenko
3f430a0126 Move file loading functions to grub-emu.
So that we can use it in grub-emu as well as utils.
2016-01-05 21:10:27 +01:00
Vladimir Serbinenko
f2b54835f2 Disable progress indicator in grub-shell.
This disables progress indicator for tests. This in turn fixes test
flakiness as they ended up timing-dependent.
2016-01-05 21:10:10 +01:00
Vladimir Serbinenko
300be005a8 Update checksums 2016-01-05 11:55:30 +01:00
Andrei Borzenkov
aa7bb4607b acpihalt: add GRUB_ACPI_OPCODE_CREATE_DWORD_FIELD (0x8a)
Fixes ACPI halt on ASUSTeK P8B75-V,
Bios: American Megatrends v: 0414 date: 04/24/2012

Reported-By: Goh Lip <g.lip@gmx.com>
2016-01-02 21:33:18 +03:00
Andrei Borzenkov
19554a6034 acpihalt: fix GRUB_DSDT_TEST compilation 2016-01-02 19:02:19 +03:00
Andrei Borzenkov
ba83ed1538 Add missing BUILD_EXEEXT 2016-01-01 12:06:40 +03:00
Andrey Borzenkov
4d6e9c8a92 remove temporary .bin files (kernel and modules) 2015-12-31 23:00:25 +03:00
Vladimir Serbinenko
3b21499506 Disable build-time module check on emu.
On emu some checks can be laxer like check for relocation range. Additionally
module loading in emu is rarely used. So skip this check rather than making
it laxer for all platforms. In ideal we may want to have slightly different
check for emu but for now this is good enough.
2015-12-31 18:20:11 +01:00
Vladimir Serbinenko
68e158dffd Strip .ARM.exidx
This section is generated by clang and is useful only for debugging.
It contains exotic relocations, so strip them to avoid them interferring
with module loading.
2015-12-31 18:13:59 +01:00
Vladimir Serbinenko
76588d1319 xen/relocator: Use local symbol to ensure that code is relocation-free. 2015-12-31 14:54:56 +01:00
Vladimir Serbinenko
60ae582142 backtrace: Fix register call syntax 2015-12-31 14:54:48 +01:00
Vladimir Serbinenko
a7cf8b1e23 Verify modules on build-time rather than failing in runtime. 2015-12-31 13:09:15 +01:00
Vladimir Serbinenko
5919626c90 sparc64: Fix assembly to let compiler to fill in memory references.
This fixes the use of not fully relocatable (they assume that variables are
under 4G limit in virtual memory) references.
2015-12-31 13:07:16 +01:00
Vladimir Serbinenko
79cfad6fbe backtrace: Remove assembly assumption that grub_backtrace_pointer is under 4G 2015-12-30 18:19:44 +01:00
Andrei Borzenkov
93ecc3f1f8 menu: fix line count calculation for long lines
It gave one extra screen line if length was exactly equal to screen
width.

Reported by Michael Chang.
Also-By: Michael Chang <mchang@suse.com>
2015-12-30 06:20:51 +03:00
Vladimir Serbinenko
ca7bb46d5c exfat: Fix stream extension flag parsing. 2015-12-29 17:42:25 +01:00
Andrei Borzenkov
3bca85b418 devmapper: check for valid device abstraction in get_grub_dev
This was lost when code was refactored. Patch restores previous behavior.

It is still not clear whether this is the right one. Due to the way we
detect DM abstraction, partitions on DM are skipped, we fall through to
generic detection which ends up in assuming parent device is BIOS disk.

It is useful to install GRUB on VM disk from the host. But it also means
that GRUB will mistakenly allow install on real system as well.

For now let's fix regression; future behavior needs to be discussed.

Closes: 45163
2015-12-26 21:45:22 +03:00
Andrei Borzenkov
a9399f2e1e windows: correct LBA in generated EFI HDD media paths
GRUB keeps partition offset and size in units of 512B sectors. Media paths
are defined in terms of LBA which are presumed to match HDD sector size.

This is probably cosmetic (EFI requires that partition is searched by GUID)
and still incorrect if GPT was created using different logical block size.
But current code is obviously wrong and new has better chances to be correct.
2015-12-19 11:32:49 +03:00
Michael Marineau
286f1b63df Merge branch 'master' of git://git.savannah.gnu.org/grub 2015-12-17 12:01:00 -08:00
Robert Elliott
c79c59f129 lsefimmap: support persistent memory and other UEFI 2.5 features
This should accompany
	76ce1de740 Translate UEFI persistent memory type

1. Add a string for the EfiPersistentMemory type 14 that was
added in UEFI 2.5.

2. Decode the memory attributes that were added in UEFI 2.5:
* NV (non-volatile)
* MORE_RELIABLE (higher reliable, e.g., mirrored memory in a system
  with partial memory mirroring)
* RO (read-only)

3. Use proper IEC binary units (KiB, MiB, etc.) for power-of-two
values rather than misusing SI power-of-ten units (KB, MB, etc.)

4. The lsmmap command only decodes memory ranges sizes up to GiB scale
units.  Persistent memory ranges will reach into the TiB scale.
Since 64-bit size field supports TiB, PiB, and EiB, decode all of
them for completeness.

5. In the lsefimmap command, rewrite the print statements to
* avoid rounding
* avoid a big nested if/else tree.

For example: In the sixth entry below, the value of 309MB implies
316416KB but is really reporting 316436KB.

Widen the size column to 6 digits to accommodate typical cases.
The worst case value would require 14 digits; if that happens,
let the columns get out of sync.

Old format:
Type      Physical start  - end             #Pages     Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093  588KB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001    4KB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c   48KB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00  255MB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049  292KB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505  309MB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2  439MB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080  512KB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0  705MB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600    6MB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001    4KB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081  516KB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719   55MB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001    4KB UC WC WT WB
conv-mem  000000006ecfc000-00000000711fafff 000024ff   36MB UC WC WT WB
BS-data   00000000711fb000-000000007128dfff 00000093  588KB UC WC WT WB
Unk 0d    0000000880000000-0000000e7fffffff 00600000   24GB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000   24GB UC WC WT WB NV

New format:
Type      Physical start  - end             #Pages        Size Attributes
conv-mem  0000000000000000-0000000000092fff 00000093    588KiB UC WC WT WB
reserved  0000000000093000-0000000000093fff 00000001      4KiB UC WC WT WB
conv-mem  0000000000094000-000000000009ffff 0000000c     48KiB UC WC WT WB
conv-mem  0000000000100000-000000000fffffff 0000ff00    255MiB UC WC WT WB
BS-code   0000000010000000-0000000010048fff 00000049    292KiB UC WC WT WB
conv-mem  0000000010049000-000000002354dfff 00013505 316436KiB UC WC WT WB
ldr-data  000000002354e000-000000003ecfffff 0001b7b2 450248KiB UC WC WT WB
BS-data   000000003ed00000-000000003ed7ffff 00000080    512KiB UC WC WT WB
conv-mem  000000003ed80000-000000006af5ffff 0002c1e0 722816KiB UC WC WT WB
reserved  000000006af60000-000000006b55ffff 00000600      6MiB UC WC WT WB
BS-data   000000006b560000-000000006b560fff 00000001      4KiB UC WC WT WB
RT-data   000000006b561000-000000006b5e1fff 00000081    516KiB RT UC WC WT WB
BS-data   000000006b5e2000-000000006ecfafff 00003719  56420KiB UC WC WT WB
BS-code   000000006ecfb000-000000006ecfbfff 00000001      4KiB UC WC WT WB
conv-mem  000000006ecfc000-0000000071222fff 00002527  38044KiB UC WC WT WB
BS-data   0000000071223000-00000000712ddfff 000000bb    748KiB UC WC WT WB
persist   0000000880000000-0000000e7fffffff 00600000     24GiB UC WC WT WB NV
reserved  0000001680000000-0000001c7fffffff 00600000     24GiB UC WC WT WB NV
2015-12-17 21:00:44 +03:00
Andrei Borzenkov
609c049dcc kernel: print and reset grub_errno after each embedded config line
Otherwise it causes subsequent file open to fail, because grub_file_open
misinterprets set grub_errno for grub_file_get_device_name failure.

Closes: 46540
2015-12-16 21:20:30 +03:00
Andrei Borzenkov
7136b545c1 Erase backspaced character in grub_username_get
It probably does not work across linefeed, but hopefully user names are not
that long (and nobody is using terminal that small).
2015-12-16 19:20:10 +03:00
Hector Marco-Gisbert
451d80e52d Fix security issue when reading username and password
This patch fixes two integer underflows at:
  * grub-core/lib/crypto.c
  * grub-core/normal/auth.c

CVE-2015-8370

Signed-off-by: Hector Marco-Gisbert <hecmargi@upv.es>
Signed-off-by: Ismael Ripoll-Ripoll <iripoll@disca.upv.es>
Also-By: Andrey Borzenkov <arvidjaar@gmail.com>
2015-12-16 07:57:18 +03:00
Robert Elliott
76ce1de740 Translate UEFI persistent memory type
Define
* GRUB_EFI_PERSISTENT_MEMORY (UEFI memory map type 14) per UEFI 2.5
* GRUB_MEMORY_PERSISTENT (E820 type 7) per ACPI 3.0
* GRUB_MEMORY_PERSISTENT_LEGACY (E820 unofficial type 12) per ACPI 3.0

and translate GRUB_EFI_PERSISTENT_MEMORY to GRUB_MEMORY_PERSISTENT in
grub_efi_mmap_iterate().

Includes
* adding the E820 names to lsmmap
* handling the E820 types in make_efi_memtype()

Suggested-by: Vladimir 'φ-coder/phcoder' Serbinenko <phcoder@gmail.com>
Suggested-by: Andrei Borzenkov <arvidjaar@gmail.com>
2015-12-15 10:25:34 +03:00
Josef Bacik
fb47807918 tcp: ack when we get an OOO/lost packet
While adding tcp window scaling support I was finding that I'd get some packet
loss or reordering when transferring from large distances and grub would just
timeout.  This is because we weren't ack'ing when we got our OOO packet, so the
sender didn't know it needed to retransmit anything, so eventually it would fill
the window and stop transmitting, and we'd time out.  Fix this by ACK'ing when
we don't find our next sequence numbered packet.  With this fix I no longer time
out.  Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
2015-12-07 20:52:27 +03:00
Michael Chang
a03c1034f6 i386: fix TSC calibration using PIT
Condition was accidentally reversed, so PIT calibration always failed
when PIT was present and always succeeded when PIT was missing, but in
the latter case resulted in absurdly fast clock.

Reported and tested by Vitaly Kuznetsov <vkuznets@redhat.com>
2015-12-01 18:49:38 +03:00
Andrei Borzenkov
f4c143789a Replace numbers with grub_memory_type_t enums 2015-11-27 19:52:16 +03:00
Vladimir Serbinenko
d43a5ee651 tsc: Use alternative delay sources whenever appropriate.
PIT isn't available on some of new hardware including Hyper-V. So
use pmtimer for calibration. Moreover pmtimer calibration is faster, so
use it on coreboor where booting time is important.

Based on patch by Michael Chang.
2015-11-27 11:39:55 +01:00
Andrei Borzenkov
3d2c8048da efi: really mark memory of unknown type as reserved
9be4c45dbe added switch case between
fall through cases, causing all memory regions of unknown type to be
marked as available.

Move default case into its own block and add explicit FALLTHROUGH
annotation.

Reported by Elliott, Robert (Persistent Memory) <elliott@hpe.com>
2015-11-26 19:50:42 +03:00
Josef Bacik
f9d1b4422e net: reset nb->data per dns record lookup loop
We were resetting nb->data every time we tried a new server, but we need to do
it every time we try for a different record, otherwise we don't end up falling
back to the A record properly.  Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
2015-11-24 20:48:16 +03:00
Matthew Garrett
4042e13fec Add fwconfig command
Add a command to read values from the qemu fwcfg store. This allows data
to be passed from the qemu command line to grub.

Example use:

echo '(hd0,1)' >rootdev
qemu -fw_cfg opt/rootdev,file=rootdev

fwconfig opt/rootdev root
2015-11-20 11:26:00 -08:00
Andrei Borzenkov
6a46cbcc5c unix: do not close stdin in grub_passwd_get
This makes it impossible to read from stdin without controlling tty:

10:/mnt # echo -e passwd\\npasswd | setsid ./grub-mkpasswd-pbkdf2
Enter password:
Reenter password: ./grub-mkpasswd-pbkdf2: error: failure to read password.
10:/mnt
2015-11-18 22:23:58 +03:00
Andrei Borzenkov
50d6f38feb lsefisystab: add missing comma after 7994077 2015-11-17 06:27:17 +03:00
Pavel Bludov
7994077ab9 Add some UUIDs found in the hardware 2015-11-14 17:57:35 +03:00
Konstantin Vlasov
5646e03dba gfxterm: fix calculation of terminal-top and terminal-height
They used screen width, not height.
2015-11-13 21:54:19 +03:00
Paulo Flabiano Smorigo
c899d9f42c ofdisk: add sas disks to the device list 2015-11-12 09:23:02 -02:00
Vladimir Serbinenko
e0bd66c314 multiboot: Don't rely on particular ordering of options. 2015-11-12 11:54:38 +01:00
Vladimir Serbinenko
95ba04606f multiboot_mbi: Fix handling of --quirk-bad-kludge. 2015-11-12 11:54:13 +01:00
Fu Wei
a771a7b9f6 xen_boot: Remove useless file_name_index variable. 2015-11-12 11:33:55 +01:00
Paulo Flabiano Smorigo
a50dbb743e ofdisk: add a comment about vscsi method 2015-11-10 21:20:20 -02:00
Vladimir Serbinenko
25a9b8f208 fdt.mod: Move license tag to the right file. 2015-11-09 16:15:30 +01:00
Fu Wei
372400b419 fdt.mod: Add missing license tag. 2015-11-09 15:27:59 +01:00
Vladimir Serbinenko
254f92815b kern/elf: Ignore cast-align warnings 2015-11-09 11:39:30 +01:00
Vladimir Serbinenko
cb28250cfc cbfs: Fix corner case and compilation with recdent gcc
Accept the header to touch the jump address at 0xfffffff0.

Fix compilation for 64-bit EFI with recent GCC.
2015-11-09 03:24:04 +01:00
Vladimir Serbinenko
b2fc9acdc9 Adapt build-system to use imported xen headers. 2015-11-08 21:24:18 +01:00